CVE-2026-53307 PUBLISHED

pinctrl: pinconf-generic: Fully validate 'pinmux' property

Assigner: Linux
Reserved: 09.06.2026 Published: 26.06.2026 Updated: 26.06.2026

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: pinconf-generic: Fully validate 'pinmux' property

The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 7112c05fff83e15726dd60a10248b76474e3cdf9 to 6476aac13805721e16439bd71f0e1703a4154517 (excl.) affected from 7112c05fff83e15726dd60a10248b76474e3cdf9 to b7842b722169359e7ffe4b838d2496e9e72ac996 (excl.) affected from 7112c05fff83e15726dd60a10248b76474e3cdf9 to c98324ea7849b6e5baa1774f71709b375a2c2f9e (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.15 is affected unaffected from 0 to 6.15 (excl.) unaffected from 6.18.33 to 6.18.* (incl.) unaffected from 7.0.10 to 7.0.* (incl.) unaffected from 7.1 to * (incl.)

CVE-2026-53307 PUBLISHED

pinctrl: pinconf-generic: Fully validate 'pinmux' property

Product Status

References